Data Privacy Analyst

Basic Qualifications:

• High school diploma or equivalent, required; bachelor's degree, preferred.

• 2+ years of bank compliance, risk management, data privacy or other commensurate work experience, required.

• Certification (i.e., CIPP, CIPM, CIPT, CDPSE), preferred.

Job Purpose and Scope:

Responsible for the development of the organization's Data Privacy Program, including all related policies and processes needed to maintain proper compliance based on state and federal regulations.

Essential Job Functions:

• Develops, implements, educates, monitors, and continually improves the core components of an effective data privacy program, including but not limited to:

• privacy-related policies, procedures, and standards;

• robust investigation procedures designed to respond to customer inquiries; and

• formal education, training, and communication.

• Creates and maintains data privacy guidelines to ensure the organization proactively establishes capabilities within its application and data platforms to fulfill privacy standards.

• Aids in the implementation of compliance safeguards to protect the privacy of personally identifiable information (PII), nonpublic personal information (NPI), and protected health information (PHI).

• Aligns any privacy related items with business objectives and strategy while adhering to applicable laws and regulations.

• Performs and oversees the initial and periodic privacy risk assessments, mitigation, and remediation for projects with data privacy requirements.

• Collaborates with business partners to solve complex data privacy problems and minimize the company's risk related to data privacy.

• Coordinates with lines of businesses, in the development and monitoring of privacy practices, including physical safeguards, data integrity, business continuity and disaster recovery procedures.

• Ensures the proper use, distribution, adherence, and monitoring of Bank OZK's Privacy Notice, Online Privacy Policy, and other similar privacy-related materials.

• Maintains current knowledge of applicable federal and state privacy laws and industry regulations.

• Monitors external environment continuously and ensures data privacy best practices are in place or updates as needed.

• Standardizes risk-based privacy reporting to ensure the CISO, Executive Leadership and various risk committees are informed of risks to the operation and progress of data privacy efforts.

• Monitors the performance of the privacy components of the program and related activities on a continuing basis, taking appropriate steps to improve its effectiveness.

• Investigates and responds to data privacy complaints.

• Serves as a data privacy subject matter resource to all business partners within the organization.

• Regularly exercises discretion and judgment in the performance of essential job functions.

• Follows Bank and department policies, practices, and procedures.

Knowledge, Skills, and Abilities:

• Knowledge of industry standards for data privacy and protection.

• Knowledge of Banking regulations and laws applicable to consumer privacy (Regulation P, GLBA, COPPA, HIPAA, GDPR, CCPA, etc.).

• Knowledge of privacy frameworks (NIST Privacy Framework, etc.).

• Ability to demonstrate effective research and analytical skills.

• Ability to work without close supervision.

• Ability to communicate effectively, both verbally and in writing.

• Ability to demonstrate effective organizational and documentation skills with diligence.

• Ability to maintain strict confidentiality and bank secrecy.

• Ability to manage multiple tasks with exacting deadlines in a fast-paced environment.

• Ability to adapt to repeated interruptions.

• Ability to participate in continuing education to maintain and/or enhance job performance.

• Ability to effectively balance risks taken with sound logic under own initiative.

• Skill in using computer and Microsoft Office products, including Outlook, Word, Excel PowerPoint, and SharePoint.

Job Expectations: Operate customary equipment and technology used in a business environment, with or without accommodation.

Note: This description is not an exhaustive list of all job functions, duties, skills, and job standards required. Other job functions, duties, skills, and standards may be added. Management reserves the right to add or change the job requirements at any time.